Loading...

postfix-users@postfix.org

[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: Need to clarfiy how to implement spamtrap address checking & discard with before-queue filtering. Noel Jones Thu Feb 23 15:00:13 2012

On 2/23/2012 3:55 PM, [EMAIL PROTECTED] wrote:
> Hello Noel,
> 
> On Thu, Feb 23, 2012, at 03:31 PM, Noel Jones wrote:
>>
>> (sorry, had to work for a while)
> 
> No worries.  Nice to have someone reasonable to chat with.  Bit of a dry
> spell on that.  It's appreciated.
> 
>> On 2/23/2012 2:58 PM, [EMAIL PROTECTED] wrote:
>> Ah, a different server.  Important infomation (or maybe I missed it...).
> 
> Easy to miss.  Fwiw, as originally @
> 
>   http://marc.info/?l=postfix-users&m=133002076514425&w=2
> 
> my sendmail 'send' was sent from 192.168.1.13 to postfix listening @
> "inet_interfaces = 192.168.1.10 192.168.1.11".
> 
> Clearly mistakenly having presumed that that's clear enough, I called it
> out specifically only recently in response to the lashings.
> 
>>>     Feb 23 11:51:52 desk postfix/smtp[20627]: 986C040083:
>>>     to=<[EMAIL PROTECTED]>,
>>>     relay=mail.rogermail.lan[192.168.1.10]:25, delay=0.3,
>>>     delays=0.21/0/0.03/0.06, dsn=5.1.1, status=bounced (host
>>>     mail.rogermail.lan[192.168.1.10] said: 550 5.1.1
>>>     <[EMAIL PROTECTED]>: Recipient address rejected: User
>>>     unknown in virtual mailbox table (in reply to RCPT TO command))
>>
>> This is the error you need to get rid of.  The spamtrap user must be
>> accepted for the downstream listener to use it to trigger the DISCARD.
>>
>> If you add the spam@ user to your local storage all will be well.
> 
> Aha, I think ...
> 
> So IIUC, I need to RE-add the list of spamtraps in the has table as
> valid users (removed as valid after known to be compromised ...) so
> that, rather than being off-hand rejected as an unkonw/non-existent
> [EMAIL PROTECTED], the multiple-recipient message gets carried through far
> enought to get to where that DISCARD check+action is valid?
> 
> Is that approaching correct?

Yes, that is the intent.  The recipient must be accepted to get to
the post-filter DISCARD.


> 
> If so, then I assume that I leave only postscreen listening at the
> 'real' external address, and the spamtrap address check shoud remaing
> associated with the 127.0.0.1:10026 reinjection listener, as you'd
> previously advised?

Yes, the check for the spamtrap recipient must be in the
127.0.0.1:10026 listener for DISCARD to work.



  -- Noel Jones